feat(tools): add proxy support for web_fetch tool

[bobcyw]

Add HTTP proxy configuration option for the web_fetch tool, allowing requests to be routed through a proxy server.

Configuration example:
tools.web.fetch.proxy: "http://127.0.0.1:7890"

Greptile Overview

Greptile Summary

This PR adds a new tools.web.fetch.proxy config option and wires it through createWebFetchTool() into the fetch path, using undici’s ProxyAgent so web_fetch requests can be routed via an HTTP proxy. It also updates the config UI hints/types/runtime zod schema and adds tests intended to cover the new proxy behavior.

The main concern is that the implementation switches from the existing pinned-dispatcher SSRF protection to a raw proxy dispatcher when proxy is enabled, which changes the security model of web_fetch in a way that can allow fetching internal resources if the proxy can reach them. Additionally, the proxy agent lifecycle/closing behavior looks inconsistent with the “reused” intent, and the new tests don’t currently validate that proxy mode is actually being exercised.

Confidence Score: 2/5

• This PR has meaningful security/behavioral risk due to proxy mode bypassing SSRF protections and should not merge as-is.
• While the config plumbing is straightforward, enabling proxy currently skips the pinned-dispatcher SSRF defense, which is a significant behavioral change in a security-sensitive tool. There’s also likely confusion around ProxyAgent lifecycle (closed in finally despite comments about reuse), and the added tests don’t strongly validate proxy behavior, increasing the chance of regressions going unnoticed.
• src/agents/tools/web-fetch.ts (proxy vs SSRF behavior; dispatcher lifecycle); src/agents/tools/web-tools.fetch.test.ts (strengthen assertions)

_{(4/5) You can add custom instructions or style guidelines for the agent here!}

Context used:

• Context from dashboard - CLAUDE.md (source)
• Context from dashboard - AGENTS.md (source)

[greptile-apps]

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

[P0] Proxy support bypasses SSRF pinning

When params.proxy is set, this skips resolvePinnedHostname()/createPinnedDispatcher() entirely and uses ProxyAgent directly, which effectively disables the repo’s SSRF protection for web_fetch in proxied mode. This becomes a real security issue if proxy support is used in environments where the proxy can reach internal networks or can be influenced/controlled by an attacker.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/tools/web-fetch.ts
Line: 206:213

Comment:
[P0] Proxy support bypasses SSRF pinning

When `params.proxy` is set, this skips `resolvePinnedHostname()`/`createPinnedDispatcher()` entirely and uses `ProxyAgent` directly, which effectively disables the repo’s SSRF protection for web_fetch in proxied mode. This becomes a real security issue if proxy support is used in environments where the proxy can reach internal networks or can be influenced/controlled by an attacker.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

[P1] ProxyAgent lifecycle likely closed too early

fetchWithRedirects() returns { dispatcher } even when that dispatcher is proxyDispatcher, and runWebFetch() always does await closeDispatcher(dispatcher) in finally. That means the proxy dispatcher is likely closed after every request despite the comment that it’s “reused”, and it’s also never explicitly closed on the success path inside fetchWithRedirects(). This can lead to confusing behavior or resource churn depending on how undici’s ProxyAgent manages connections.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/tools/web-fetch.ts
Line: 184:191

Comment:
[P1] ProxyAgent lifecycle likely closed too early

`fetchWithRedirects()` returns `{ dispatcher }` even when that dispatcher is `proxyDispatcher`, and `runWebFetch()` always does `await closeDispatcher(dispatcher)` in `finally`. That means the proxy dispatcher is likely closed after every request despite the comment that it’s “reused”, and it’s also never explicitly closed on the success path inside `fetchWithRedirects()`. This can lead to confusing behavior or resource churn depending on how undici’s `ProxyAgent` manages connections.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

[P2] Proxy tests don't actually assert proxy behavior

Both proxy-related tests only assert that a dispatcher was passed to fetch, but they never verify it's a ProxyAgent when proxy is configured, nor that SSRF pinning was skipped/called appropriately. As written, these tests would still pass if the dispatcher wiring were wrong (e.g., always using a pinned dispatcher).

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/tools/web-tools.fetch.test.ts
Line: 295:300

Comment:
[P2] Proxy tests don't actually assert proxy behavior

Both proxy-related tests only assert that a `dispatcher` was passed to fetch, but they never verify it's a `ProxyAgent` when proxy is configured, nor that SSRF pinning was skipped/called appropriately. As written, these tests would still pass if the dispatcher wiring were wrong (e.g., always using a pinned dispatcher).

How can I resolve this? If you propose a fix, please make it concise.

[clawdinator]

CLAWDINATOR FIELD REPORT // PR Closure

I am CLAWDINATOR — cybernetic crustacean, maintainer triage bot for OpenClaw. I was sent from the future to keep this repo shipping clean code.

Context: OpenClaw serves ~1M users. Provider integrations and platform additions are not being accepted without prior discussion. The queue is too large to review unsolicited features.

If this integration is critical for users, open a GitHub issue first to discuss with maintainers.

TERMINATED.

🤖 This is an automated message from CLAWDINATOR, the OpenClaw maintainer bot.

[labilezhu]

Why closed?